
[ale] A snort newbie question



I'm having a bit of trouble configuring snort on my firewall/gateway. At 
least, I think I am...

eth0 is my internal interface, eth1 is connected to my cable modem.

In snort.conf I have:
    var HOME_NET 192.168.42.0/24
    var EXTERNAL_NET $eth1_ADDRESS

And I fire up snort thusly:
    snort -Afull -i eth1 -c /etc/snort/snort.conf -D

I then log in to a host external to my network and telnet back to my 
webserver. When I throw the default.ida yack at it I don't see anything 
in my snort logs. The only way I can get anything in the snort logs is 
to change both *_NET values to 'any' but then I get alerts about 
legitimate traffic I generate inside my network.

Suggestions?
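
Added example, not part of the original message: a small model of how a Snort rule header of the form `alert tcp $EXTERNAL_NET any -> $HOME_NET 80` is evaluated against packets seen on eth1 under the settings described above. Assumptions: all addresses are constructed documentation values, `$eth1_ADDRESS` is modelled as the interface's address and netmask, packets captured on eth1 carry the gateway's public address rather than a 192.168.42.x address, and the third configuration is one possible setting, not something from the post.

```python
import ipaddress

def in_var(addr, spec):
    """True if addr is inside a Snort-style address variable: any, CIDR or !CIDR."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate

def header_matches(pkt, home_net, external_net):
    """Model of the header: alert tcp $EXTERNAL_NET any -> $HOME_NET 80"""
    return (pkt["dport"] == 80
            and in_var(pkt["src"], external_net)
            and in_var(pkt["dst"], home_net))

# Constructed values (assumptions, not from the post).
ETH1 = "203.0.113.10/24"  # stands in for $eth1_ADDRESS
# Probe from the outside host, as seen on eth1: destination is the public address.
INBOUND = {"src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80}
# Web request from an inside host, as seen on eth1 after NAT.
OUTBOUND = {"src": "203.0.113.10", "dst": "198.51.100.80", "dport": 80}

# name -> (HOME_NET, EXTERNAL_NET)
CONFIGS = {
    "as posted": ("192.168.42.0/24", ETH1),
    "both any": ("any", "any"),
    "home = eth1 address": ("203.0.113.10/32", "!203.0.113.10/32"),
}

def evaluate():
    """Return {config: (inbound probe alerts, outbound browsing alerts)}."""
    return {name: (header_matches(INBOUND, home, ext),
                   header_matches(OUTBOUND, home, ext))
            for name, (home, ext) in CONFIGS.items()}

if __name__ == "__main__":
    for name, (inbound, outbound) in evaluate().items():
        print(f"{name:22} inbound probe: {inbound!s:5}  outbound traffic: {outbound}")
```

In this model the posted values match neither direction, because on eth1 the probe's source is outside `EXTERNAL_NET` and its destination is outside `HOME_NET`; `any`/`any` matches both directions.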

